rules

package
Version: v3.0.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 29, 2019 License: MIT, Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewArchive

func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewArchive creates a new rule which detects the file traversal when extracting zip archives

func NewBadTempFile

func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBadTempFile detects direct writes to predictable path in temporary directory

func NewBindsToAllNetworkInterfaces

func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBindsToAllNetworkInterfaces detects socket connections that are setup to listen on all network interfaces.

func NewBlacklistedImportCGI

func NewBlacklistedImportCGI(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportCGI fails if CGI is imported

func NewBlacklistedImportDES

func NewBlacklistedImportDES(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportDES fails if DES is imported

func NewBlacklistedImportMD5

func NewBlacklistedImportMD5(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportMD5 fails if MD5 is imported

func NewBlacklistedImportRC4

func NewBlacklistedImportRC4(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportRC4 fails if DES is imported

func NewBlacklistedImportSHA1

func NewBlacklistedImportSHA1(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportSHA1 fails if SHA1 is imported

func NewBlacklistedImports

func NewBlacklistedImports(id string, conf gosec.Config, blacklist map[string]string) (gosec.Rule, []ast.Node)

NewBlacklistedImports reports when a blacklisted import is being used. Typically when a deprecated technology is being used.

func NewFilePerms

func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewFilePerms creates a rule to detect file creation with a more permissive than configured permission mask.

func NewHardcodedCredentials

func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewHardcodedCredentials attempts to find high entropy string constants being assigned to variables that appear to be related to credentials.

func NewIntermediateTLSCheck

func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers DO NOT EDIT - generated by tlsconfig tool

func NewMkdirPerms

func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewMkdirPerms creates a rule to detect directory creation with more permissive than configured permission mask.

func NewModernTLSCheck

func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewModernTLSCheck creates a check for Modern TLS ciphers DO NOT EDIT - generated by tlsconfig tool

func NewNoErrorCheck

func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewNoErrorCheck detects if the returned error is unchecked

func NewOldTLSCheck

func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewOldTLSCheck creates a check for Old TLS ciphers DO NOT EDIT - generated by tlsconfig tool

func NewReadFile

func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewReadFile detects cases where we read files

func NewSQLStrConcat

func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrConcat looks for cases where we are building SQL strings via concatenation

func NewSQLStrFormat

func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrFormat looks for cases where we're building SQL query strings using format strings

func NewSSHHostKey

func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.

func NewSSRFCheck

func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSRFCheck detects cases where HTTP requests are sent

func NewSubproc

func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSubproc detects cases where we are forking out to an external process

func NewTemplateCheck

func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewTemplateCheck constructs the template check rule. This rule is used to find use of tempaltes where HTML/JS escaping is not being used

func NewUsesWeakCryptography

func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*

func NewUsingBigExp

func NewUsingBigExp(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsingBigExp detects issues with modulus == 0 for Bignum

func NewUsingUnsafe

func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsingUnsafe rule detects the use of the unsafe package. This is only really useful for auditing purposes.

func NewWeakKeyStrength

func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits

func NewWeakRandCheck

func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure

Types

type RuleDefinition

type RuleDefinition struct {
	ID          string
	Description string
	Create      gosec.RuleBuilder
}

RuleDefinition contains the description of a rule and a mechanism to create it.

type RuleFilter

type RuleFilter func(string) bool

RuleFilter can be used to include or exclude a rule depending on the return value of the function

func NewRuleFilter

func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter

NewRuleFilter is a closure that will include/exclude the rule ID's based on the supplied boolean value.

type RuleList

type RuleList map[string]RuleDefinition

RuleList is a mapping of rule ID's to rule definitions

func Generate

func Generate(filters ...RuleFilter) RuleList

Generate the list of rules to use

func (RuleList) Builders

func (rl RuleList) Builders() map[string]gosec.RuleBuilder

Builders returns all the create methods for a given rule list

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL